DETAILED ACTION



Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-3, 10, and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baumann in view of Vaidya.

Regarding claim 1 Baumann teaches a method of detecting intrusions in a wireless 
network (see col. 1, lines 6-8 and col. 4, lines 1-3). Baumann teaches researching and defining 
normal communication behavior with the intent of ascertaining user and temporal patterns (see 
col. 3, lines 7-18 & 25-30). Baumann teaches researching potential sources of information that
will lead to the detection of potentially intrusive events (see col. 3, lines 65-67 and col. 4, lines 1-
6, 16-23, & 25-38). Baumann does not specifically teach researching potential sources of
information that will lead to the classification of potentially intrusive events, establishing a 
knowledge base of anomalous network activity that will form the foundation for classifying 
potentially intrusive events, analyzing an attack model to provide an adaptive response to 
intrusions in a wireless network, or utilizing the attack model to provide an adaptive response to 
intrusions in a wireless network. Vaidya teaches researching potential sources of information 
that will lead to the classification of potentially intrusive events (see col. 5, lines 33-37). Vaidya 
teaches establishing a knowledge base of anomalous network activity that will form the 
foundation for classifying potentially intrusive events (see col. 5, lines 47-51). Vaidya teaches
analyzing an attack model to provide an adaptive response to intrusions in a network (see col. 5, 
lines 33-35). Vaidya teaches utilizing the attack model to provide an adaptive response to 
intrusions in a network (see col. 12, lines 62-65). It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to make the device adapt to include researching 
potential sources of information that will lead to the classification of potentially intrusive events, 
establishing a knowledge base of anomalous network activity that will form the foundation for 
classifying potentially intrusive events, analyzing an attack model to provide an adaptive 
response to intrusions in a wireless network, and utilizing the attack model to provide an 
adaptive response to intrusions in a wireless network because this would allow for improved 
detection and prevention of network access from fraudulent users. 

Regarding claim 2 Baumann teaches collecting real-world information concerning
potentially intrusive events and updating the knowledge base (see col.4, lines 10-12 & 20-24). 

Regarding claim 3 Baumann and Vaidya teach a device as recited in claim 2 except for
developing a recovery model to recover from an intrusion of a wireless network. Vaidya does 
teach recovering from a network intrusion (see col. 7, lines 6-10 and col. 6, lines 24-26). It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
make the device adapt to include developing a recovery model to recover from an intrusion of a 
wireless network because this would allow for efficient recovery from network intrusion. 

Regarding claim 10 Baumann teaches data related to suspicious events including passive
eavesdropping, deception and denial of service (see col. 4, lines 18-36 and col. 7, lines 36-41).

Regarding claim 13 Baumann teaches a method of detecting intrusions in a wireless
network (see col. 1, lines 6-8 and col. 4, lines 1-3). Baumann teaches researching and defining
normal communication behavior with the intent of ascertaining user and temporal patterns (see 
col. 3, lines 7-18 & 25-30). Baumann teaches researching potential sources of information that 
will lead to the detection of potentially intrusive events (see col. 3, lines 65-67 and col. 4, lines 1- 
6, 16-23, & 25-38). Baumann teaches collecting real-world information concerning potentially 
intrusive events and updating the knowledge base (see col.4, lines 10-12 & 20-24). Baumann 
does not specifically teach establishing a knowledge base of anomalous activity that will lead to 
the classification of potentially intrusive events, establishing a knowledge base of anomalous 
network activity that will form the foundation for classifying potentially intrusive events, 
creating and utilizing an attack model to provide an adaptive response to intrusions in a wireless 
network, or developing a recovery model to recover from an intrusion of a wireless network. 
Vaidya teaches establishing a knowledge base of anomalous activity that will lead to the 
classification of potentially intrusive events (see col. 5, lines 33-37). Vaidya teaches establishing 
a knowledge base of anomalous network activity that will form the foundation for classifying 
potentially intrusive events (see col. 5, lines 47-51). Vaidya teaches creating and utilizing an
attack model to provide an adaptive response to intrusions in a network (see col. 5, lines 33-35 
and col. 12, lines 62-65). Vaidya teaches recovering from a network intrusion (see col. 7, lines 
6-10 and col. 6, lines 24-26). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to make the device adapt to include establishing a knowledge base 
of anomalous activity that will lead to the classification of potentially intrusive events, 
establishing a knowledge base of anomalous network activity that will form the foundation for 
classifying potentially intrusive events, creating and utilizing an attack model to provide an
adaptive response to intrusions in a wireless network, or developing a recovery model to recover 
from an intrusion of a wireless network because this would allow for improved detection and 
prevention of network access from fraudulent users. 

Claims 4-9, 11-12, and 14-15 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Baumann in view of Vaidya and Hopkins. 

Regarding claim 4 Baumann and Vaidya teach a device as recited in claim 1 except for a 
wireless network that is the Tactical Internet. Vaidya does teach a network that is the Internet 
(see col. 5, lines 44-46). Hopkins teaches tactical data links exchanging messages in a radio 
network (see pg. 5, 9th paragraph and pg. 6, 1st paragraph). It would have been obvious to one of
ordinary skill in the art at the time the invention was made to make the device adapt to include a 
wireless network that is the Tactical Internet because this would allow for improved detection 
and prevention of Internet access from fraudulent users. 

Regarding claim 5 Baumann, Vaidya, and Hopkins teach a device as recited in claim 1
except for a wireless network that is a Situation Assessment Data Link (SADL). Hopkins does
teach a wireless network used to analyze data link messages (see pg. 4, 1st-3rd paragraphs). It
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
make the device adapt to include a wireless network that is a Situation Assessment Data Link 
(SADL) because this would allow for efficient recovery from network intrusion. 

Regarding claim 6 Hopkins teaches a wireless network that is a tactical data link network 
(see pg. 5, 9th paragraph and pg. 6, 1st paragraph).

Regarding claim 7 Hopkins teaches a tactical data link that is a Link-16 type tactical
data link and its logical extensions (see pg. 6, 1st paragraph).

Regarding claim 8 Hopkins teaches a device as recited in claim 7 and is rejected given 
the same reasoning as above. 

Regarding claim 9 Hopkins teaches a device as recited in claim 7 and is rejected given 
the same reasoning as above. 

Regarding claim 11 Vaidya teaches an attack model that is utilized to generate signatures
of suspicious events (see col. 5, lines 33-36). 

Regarding claim 12 Vaidya teaches an attack model that is utilized to generate 
recommendations regarding the set up of a network (see col. 6, lines 10-18). 

Regarding claim 14 Baumann teaches a method of detecting intrusions in a wireless 
network (see col. 1, lines 6-8 and col. 4, lines 1-3). Baumann teaches researching and defining 
normal communication behavior with the intent of ascertaining user and temporal patterns (see 
col. 3, lines 7-18 & 25-30). Baumann teaches researching potential sources of information that
will lead to the detection of potentially intrusive events (see col. 3, lines 65-67 and col. 4, lines 1-
6, 16-23, & 25-38). Baumann teaches collecting real-world information concerning potentially
intrusive events and updating the knowledge base (see col.4, lines 10-12 & 20-24). Baumann 
teaches data related to suspicious events including passive eavesdropping, deception and denial 
of service (see col. 4, lines 18-36 and col. 7, lines 36-41). Baumann does not specifically teach 
detecting intrusions in a Tactical Internet, establishing a knowledge base of anomalous activity 
that will lead to the classification of potentially intrusive events, establishing a knowledge base 
of anomalous network activity that will form the foundation for classifying potentially intrusive 
events, creating and utilizing an IW attack model to provide an adaptive response to intrusions in
a Tactical Internet, or developing a recovery model to recover from an intrusion of a Tactical 
Internet. Vaidya teaches establishing a knowledge base of anomalous activity that will lead to 
the classification of potentially intrusive events (see col. 5, lines 33-37). Vaidya teaches 
establishing a knowledge base of anomalous network activity that will form the foundation for 
classifying potentially intrusive events (see col. 5, lines 47-51). Vaidya teaches creating and
utilizing an attack model to provide an adaptive response to intrusions in a network (see col. 5,
lines 33-35 and col. 12, lines 62-65). Vaidya teaches recovering from a network intrusion (see
col. 7, lines 6-10 and col. 6, lines 24-26). Vaidya does teach a network that is the Internet (see
col. 5, lines 44-46). Hopkins teaches tactical data links exchanging messages in a radio network
(see pg. 5, 9th paragraph and pg. 6, 1st paragraph). It would have been obvious to one of ordinary
skill in the art at the time the invention was made to make the device adapt to include detecting 
intrusions in a Tactical Internet, establishing a knowledge base of anomalous activity that will 
lead to the classification of potentially intrusive events, establishing a knowledge base of 
anomalous network activity that will form the foundation for classifying potentially intrusive 
events, creating and utilizing an IW attack model to provide an adaptive response to intrusions in 
a Tactical Internet, or developing a recovery model to recover from an intrusion of a Tactical 
Internet because this would allow for improved detection and prevention of network access from 
fraudulent users. 

Regarding claim 15 Baumann teaches a method of detecting intrusions in a RF based
network (see col. 1, lines 6-8 and col. 4, lines 1-8). Baumann teaches researching and defining
normal communication behavior with the intent of ascertaining user and temporal patterns (see
col. 3, lines 7-18 & 25-30). Baumann teaches researching potential sources of information that
will lead to the detection of potentially intrusive events (see col. 3, lines 65-67 and col. 4, lines 1-
6, 16-23, & 25-38). Baumann teaches collecting real-world information concerning potentially 
intrusive events and updating the knowledge base (see col.4, lines 10-12 & 20-24). Baumann 
teaches data related to suspicious events including passive eavesdropping, deception and denial 
of service (see col. 4, lines 18-36 and col. 7, lines 36-41). Baumann does not specifically teach 
detecting intrusions in a tactical data link network, establishing a knowledge base of anomalous 
activity that will lead to the classification of potentially intrusive events, establishing a 
knowledge base of anomalous network activity that will form the foundation for classifying 
potentially intrusive events, creating and utilizing an IW attack model to provide an adaptive 
response to intrusions in a Tactical Internet, or developing a recovery model to recover from an
intrusion of an RF based tactical data link. Vaidya teaches establishing a knowledge base of 
anomalous activity that will lead to the classification of potentially intrusive events (see col. 5, 
lines 33-37). Vaidya teaches establishing a knowledge base of anomalous network activity that 
will form the foundation for classifying potentially intrusive events (see col. 5, lines 47-51). 
Vaidya teaches creating and utilizing an attack model to provide an adaptive response to 
intrusions in a network (see col. 5, lines 33-35 and col. 12, lines 62-65). Vaidya teaches 
recovering from a network intrusion (see col. 7, lines 6-10 and col. 6, lines 24-26). Vaidya does 
teach a network that is the Internet (see col. 5, lines 44-46). Hopkins teaches a wireless network
that is a tactical data link network (see pg. 5, 9th paragraph and pg. 6, 1st paragraph). It would
have been obvious to one of ordinary skill in the art at the time the invention was made to make 
the device adapt to include detecting intrusions in a tactical data link network, establishing a 
knowledge base of anomalous activity that will lead to the classification of potentially intrusive
events, establishing a knowledge base of anomalous network activity that will form the 
foundation for classifying potentially intrusive events, creating and utilizing an IW attack model 
to provide an adaptive response to intrusions in a Tactical Internet, or developing a recovery 
model to recover from an intrusion of an RF based tactical data link because this would allow for 
improved detection and prevention of network access from fraudulent users. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Sawyer U.S. Patent No. 6,073,006 discloses a method and apparatus for detecting and
preventing fraud in a satellite communication system. 

Ferrel U.S. Patent No. 5,005,210 discloses a method and apparatus for characterizing a
radio transmitter. 

Kaplan U.S. Patent No. 5,999,806 discloses a waveform collection for use in wireless
telephone identification. 

Porras U.S. Patent No. 6,321,338 discloses network surveillance.

Hawkes U.S. Patent No. 5,905,949 discloses a cellular telephone fraud prevention system
using RF signature analysis. 

Froutan U.S. Patent No. 6,654,882 discloses a network security system protecting against
disclosure of information to unauthorized agents.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Brandon J Miller whose telephone number is 703-305-4222. The 
examiner can normally be reached on Mon.-Fri. 8:00 am to 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Trost can be reached on 703-308-5318. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9314.

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



WILLIAM TROST 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2600 




January 22, 2004 



